Version 3.64 Nov 23, 2013
[BUG FIXES]
- Avoid warning about "undefined variable in user_agent in some cases (RT#72882)
[INTERNALS]
- Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de)
- Update minimum required version in Makefile.PL to 5.8.1. It had already been
updated to 5.8.1 in the CGI.pm module in 3.53.
- Fix POD errors reported by newer pod2man (Thanks to jmdh)
- Typo fixes, (dsteinbrunner).
- use deprecate.pm on perls 5.19.0 and later. (rjbs).
[DOCUMENTATION]
- Update CGI::Cookie docs to reflect that HttpOnly is widely supported now.
Version 3.63 Nov 12, 2012
[SECURITY]
- CR escaping for Set-Cookie and P3P headers was improved. There was potential
for newline injection in these headers.
(Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)
Version 3.62, Nov 9th, 2012
[INTERNALS]
- Changed how the deprecated endform function was defined for compatibilty
with the development version of Perl.
- Fix failures in t/tmpdir.t when run as root
https://github.com/markstos/CGI.pm/issues/22, RT#80659)
- Made it possible to force a sorted order for things like hash
attributes so that tests are not dependent on a particular hash
ordering. This will be required in modern perls which will
change the ordering per process. (Yves, RT#80659)
Version 3.61 Nov 2nd, 2012
(No code changes)
[INTERNALS]
- formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
- un-TODO some tests in t/tmpdir.t that were passing in most cases.
More on this:
https://github.com/markstos/CGI.pm/issues/19#
https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7
Version 3.60 Aug 15th, 2012
[BUG FIXES]
- In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
- Remove trailing newline after

tag inserted by startform and start_form. It can
cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
- Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
[DOCUMENTATION]
- Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
Thanks to SREZIC@cpan.org (RT#76691).
[INTERNALS]
- More tests for header(), thanks to Ryo Anazawa.
- t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
- MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
Version 3.59 Dec 29th, 2011
[BUG FIXES]
- We no longer read from STDIN when the Content-Length is not set, preventing
requests with no Content-Length from freezing in some cases. This is consistent
with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
behavior may have been expected by some command-line uses of CGI.pm.
Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
https://rt.cpan.org/Public/Bug/Display.html?id=52469
[INTERNALS]
- remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
- use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
- remove use of define(@arr). Thanks to rjbs.
- spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
- fix test count and warning in t/fast.t. Thanks to Yanick.
Version 3.58 Nov 11th, 2011
[DOCUMENTATION]
- Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813)
Version 3.57 Nov 9th, 2011
[INTERNALS]
- test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen).
- Test::More requirement has been bumped to 0.98
Version 3.56 Nov 8th, 2011
[SECURITY]
Use public and documented FCGI.pm API in CGI::Fast
CGI::Fast was using an FCGI API that was deprecated and removed from
documentation more than ten years ago. Usage of this deprecated API with
FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue.
(Thanks to chansen)
[INTERNALS]
- tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org )
- Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi)
- Clarify preferred bug submission location in docs, and note that Mark Stosberg
is the current maintainer.
Version 3.55 June 3rd, 2011
[THINGS THAT MAY BREAK YOUR CODE]
url() was fixed to return "PATH_INFO" when it is explicitly requested
with either the path=>1 or path_info=>1 flag.
If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
you are calling url() and passing path_info=>1, These methods will actually be
returning PATH_INFO now, as you have explicitly requested, or has self_url()
has requested on your behalf.
The PATH_INFO has been omitted in such URLs since the issue was introduced
in the 3.12 release in December, 2005.
This bug is so old your application may have come to depend on it or
workaround it. Check for application before upgrading to this release.
Examples of affected method calls:
$q->url(-absolute => 1, -query => 1, -path_info => 1 )
$q->url(-path=>1)
$q->url(-full=>1,-path=>1)
$q->url(-rewrite=>1,-path=>1)
$q->self_url();
Version 3.54, Apr 28, 2011
No code changes
[INTERNALS]
- Address test failures in t/tmpdir.t, thanks to Niko Tyni.
Some tests here are failing on some platforms and have been marked as TODO.
Version 3.53, Apr 25, 2011
[NEW FEATURES]
- The DELETE HTTP verb is now supported.
(RT#52614, James Robson, Eduardo Ari�o de la Rubia)
[INTERNALS]
- Correct t/tmpdir.t MANIFEST entry. (RT#64949)
- Update minimum required Perl version to be Perl 5.8.1, which
has been out since 2003. This allows us to drop some hacks
and exceptions (Mark Stosberg)
Version 3.52, Jan 24, 2011
[DOCUMENTATION]
- The documentation for multi-line header handling was been updated to reflect
the changes in 3.51. (Mark Stosberg, ntyni@iki.fi)
[INTERNALS]
- Add missing t/tmpfile.t file. (RT#64949)
- Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)
- Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
Version 3.51, Jan 5, 2011
[NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly
exclude a particular scope from triggering printing to the browser when
fatatlsToBrowser is set. (RT#62783, Thanks to papowell)
- The